Monthly Archives: September 2007

It’s self-serving, but a new study by McAfee Inc. and the National Cyber Security Alliance has found that 78 percent of consumer PCs in the U.S. are not protected (defined as having up-to-date AV, spyware and a properly configured firewall).

What’s interesting, though is how many people think they are protected: 93 percent according the survey, which is set to be released Monday.

An online malware measuring tool has unexpectedly rated U.K. PCs as having the lowest level of infection in Europe.

The Nanoscan tool, which can be downloaded as a plug-in from the site of owner Panda Software, put the U.K. in bottom spot last week, with only 8.1 percent of those scanned showing active malware. By a separate measure, that of ‘latent’ or inactive malware, however, the U.K. fared less well, reaching 20.7 percent.

Top of the infection list for active malware was France (28.2 percent), Mexico (23.1 percent), Brazil (18 percent), the U.S. (17.8 percent), and Argentina (17.4 percent).

A laptop containing unencrypted personal information for 800,000 people who applied for jobs with clothing retailer Gap Inc. has been stolen.

The computer contained social security numbers and other sensitive information belonging to residents of the US and Puerto Rico who applied online or by phone for jobs from July 2006 to June 2007, the retailer said in this list of frequently asked questions. Details for applicants living in Canada were also exposed, although they didn’t include social insurance numbers.

Windows administrators who have missed AutoPatcher, an independent, free patch distribution tool that was shut down by Microsoft, will be relieved to hear it may be making a comeback.

In August, Microsoft told AutoPatcher to stop making the tool available. AutoPatcher combined Microsoft and other application patches, along with registry tweaks, without remaining connected to the Internet. Antonis Kaladis, AutoPatcher’s project leader, said this week he hopes to have the new version of AutoPatcher available in early October.

Update: Symantec respond and will address the issue in today’s definitions.

2nd Update: Symantec released their new defs for Sept. 29 rev. 7 but it continues to detect Adware.Mirar if the system is immunized using Spybot S&D. I reported again to Symantec. New screenshots at the above link.

If the crooks behind viruses, Trojan horses, and other malicious software were as stupid as they are scummy, we’d have a lot less to worry about. But as protective measures get better at stopping the obvious attacks, online creeps respond with underhanded moves to invade your PC. Here are five of their dirtiest tricks, all based on Trojan horses:

A project aimed at developing defences against malware that attacks unpatched vulnerabilities involved tests on samples developed by the NSA.

The ultra-secretive US spy agency supplied network testing firm Iometrix with eight worms as part of its plans to develop what it describes as the industry’s first Zero-day Attack Test Platform.

Richard Dagnell, VP of sales and marketing at Iometrix, said the six month project also featured tests involving two worm samples developed by a convicted hacker. The potency of the malware supplied by the NSA far exceeded that created by the hacker.

America Online is working on a patch for what security researchers are calling a “major vulnerability” in the company’s highly popular Instant Messenger application.

Researchers at Core Security Technologies Wednesday disclosed a bug that they say could severely impact the millions of registered users of AOL’s instant-messaging service, AIM. The flaw, according to Core Security, would enable a series of attacks — enabling a remote hacker to execute malicious code, exploit Internet Explorer bugs, and inject scripting code in the IE browser.